Packetwatch.net

Syslog-ng in FreeBSD



Last modified: Mar. 7, 2010

Contents
1 - Summary
2 - Syslog-ng installation
3 - Service configuration
4 - Service check


1 - Summary

This guide shows how to install syslog-ng on FreeBSD. It has been tested on
FreeBSD 7.0, 7.1, 7.2 and 8.0.


2 - Syslog-ng installation

Install the syslog-ng package.
# sudo pkg_add -r syslog-ng2
Password:


3 - Service configuration

Find where the syslog-ng daemon was installed to.
# pkg_info -L syslog-ng* | grep sbin
/usr/local/sbin/syslog-ng

Rename the startup script so the syslog-ng service will start first.
# sudo mv /usr/local/etc/rc.d/syslog-ng /usr/local/etc/rc.d/001-syslog-ng
Password:

Edit /etc/rc.conf.local so that syslog-ng, rather than syslogd, starts when
the system boots. Remove the following line.
  syslogd_flags=
Add the following.
  syslogd_enable="NO"
  syslog_ng_enable="YES"
  syslog_ng_pid="/var/run/syslog-ng.pid"
# sudo vi /etc/rc.conf.local
Password:

Find where the configuration file should be put.
# grep syslog-ng.conf /usr/local/etc/rc.d/001-syslog-ng
required_files=/usr/local/etc/syslog-ng.conf
# strings /usr/local/sbin/syslog-ng | grep syslog-ng.conf
  -f , --cfgfile=    Set config file name, default=/usr/local/etc/syslog-ng.conf
/usr/local/etc/syslog-ng.conf

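You can now create your own syslog-ng.conf file if you like. You can use the
following for your source.
  source local {
    internal();
    file("/dev/klog" log_prefix("kernel: "));
    unix-dgram("/var/run/log");
    unix-dgram("/var/run/logpriv" perm(0600));
  };
The commands below locate the packaged sample, copy it into place, keep a
second copy as syslog-ng.conf.example, and check the syntax of the edited file
with -s.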
# pkg_info -L syslog-ng* | grep syslog-ng.conf
/usr/local/man/man5/syslog-ng.conf.5.gz
/usr/local/etc/syslog-ng/syslog-ng.conf.sample
# sudo cp /usr/local/etc/syslog-ng/syslog-ng.conf.sample /usr/local/etc/syslog-ng.conf
Password:
# sudo cp /usr/local/etc/syslog-ng.conf /usr/local/etc/syslog-ng.conf.example
Password:
# sudo chmod u+w /usr/local/etc/syslog-ng.conf
Password:
# sudo vi /usr/local/etc/syslog-ng.conf
Password:
# sudo /usr/local/sbin/syslog-ng -s -f /usr/local/etc/syslog-ng.conf
Password:

Stop the syslog service and start the syslog-ng service.
# su - root
Password:
# kill -9 `cat /var/run/syslog.pid`
# rm -fP /var/run/syslog.pid
# rm -fP /var/run/syslogd.sockets
# ps aux | grep syslog
# logout
# sudo /usr/local/etc/rc.d/001-syslog-ng start
Password:
Starting syslog_ng.
# sudo /usr/local/etc/rc.d/001-syslog-ng status
Password:
syslog_ng is running as pid 920.
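
The rc.conf.local edits above decide which logger starts at the next boot, so they are worth checking before the reboot in section 4. The script below is an added example, not part of the original guide; the function names rc_value and check_syslog_cutover are made up here, and the sample file it builds is constructed.

```shell
#!/bin/sh
# Added example: checks the rc.conf.local edits from section 3.

# Effective value of an rc.conf variable. The file is sourced as shell, so the
# last assignment wins. Values that themselves contain '#' are not handled.
rc_value() {   # $1 = variable name, $2 = file
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

check_syslog_cutover() {   # $1 = rc.conf-style file; returns 0 if all checks pass
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    old=$(rc_value syslogd_enable "$conf" | tr 'a-z' 'A-Z')
    new=$(rc_value syslog_ng_enable "$conf" | tr 'a-z' 'A-Z')
    pid=$(rc_value syslog_ng_pid "$conf")
    [ "$old" = NO ]  || { echo "FAIL: syslogd_enable is not NO" >&2; rc=1; }
    [ "$new" = YES ] || { echo "FAIL: syslog_ng_enable is not YES" >&2; rc=1; }
    [ "$pid" = /var/run/syslog-ng.pid ] ||
        { echo "FAIL: syslog_ng_pid is not /var/run/syslog-ng.pid" >&2; rc=1; }
    if grep -q '^[[:space:]]*syslogd_flags=' "$conf"; then
        echo "FAIL: syslogd_flags line is still present" >&2; rc=1
    fi
    return $rc
}

# Constructed sample: a later line re-enables syslogd, the state to catch.
demo=$(mktemp /tmp/rcconf.XXXXXX)
printf '%s\n' 'syslogd_enable="NO"' 'syslog_ng_enable="YES"' \
    'syslog_ng_pid="/var/run/syslog-ng.pid"' 'syslogd_enable="YES"  # re-added' > "$demo"
check_syslog_cutover "$demo" && echo "cutover settings OK" || echo "cutover settings incomplete"
rm -f "$demo"
```

On a real system, call check_syslog_cutover /etc/rc.conf.local instead of the sample file.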


4 - Service check

Reboot your computer. Log in as usual and check that the syslog service isn't
running and the syslog-ng service is. That's it, now you have syslog-ng
running in FreeBSD.
# sudo shutdown -r now
Password:
# sudo ls -1 /var/run/syslog*
Password:
/var/run/syslog-ng.pid
# sudo /usr/local/etc/rc.d/001-syslog-ng status
Password:
syslog_ng is running as pid 473.


Packetwatch Research 2002-2017.